107 matches found
Design/Logic Flaw
Shell Metacharacter Injection in www/modules/save.php in FruityWifi aka PatatasFritas/PatataWifi through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted modname parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid...
CVE-2018-19168
Shell Metacharacter Injection in www/modules/save.php in FruityWifi aka PatatasFritas/PatataWifi through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted modname parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid...
CVE-2017-1000203
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution...
Remote code execution
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution...
CVE-2017-1000203
CVE-2017-1000203 concerns ROOT (the data analysis framework) versions 6.9.03 and earlier. The rootd daemon is vulnerable to an authenticated shell metacharacter injection, enabling remote code execution. Documents from multiple vendors/advisories consistently describe this vulnerability and its i...
GHSA-78J3-7WPM-QHVP Shell Metacharacter Injection in kelredd-pruview
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to document.rb, video.rb, or videoimage.rb...
Shell Metacharacter Injection in kelredd-pruview
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to document.rb, video.rb, or videoimage.rb...
CVE-2017-9328
CVE-2017-9328 affects TerraMaster TOS prior to 3.0.34. The vulnerability is a shell metacharacter injection in /usr/www/include/ajax/GetTest.php that enables remote code execution as root. Affected product: TerraMaster TOS (Linux-based). Root RCE is possible via crafted input through GetTest.php....
CVE-2017-9328
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root...
CVE-2012-5695
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message...
CVE-2012-5695
CVE-2012-5695 describes CSRF vulnerabilities in Bulb Security SPF (Smartphone Pentest Framework) affecting versions 0.1.2–0.1.4. The issues allow an attacker to hijack administrator authentication to trigger requests that perform (1) shell metacharacter actions, (2) SQL injection, or (3) sending ...
TWiki TWikiUsers Remote Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14834/info A remote command execution vulnerability affects the application. The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a...
TWiki TWikiUsers INCLUDE Function Remote Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14960/info A remote command execution vulnerability affects the application. The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a...
md2pdf Gem for Ruby md2pdf/converter.rb File Name Shell Metacharacter Injection Arbitrary Command Execution
md2pdf Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to md2pdf/converter.rb. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...
CVE-2009-4024
Argument injection vulnerability in the ping function in Ping.php in the NetPing package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem...
Design/Logic Flaw
Argument injection vulnerability in the ping function in Ping.php in the NetPing package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem...